Permalink
Switch branches/tags
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
132 lines (131 sloc) 28.3 KB
{
"organisationInformation": {
"name": "Aviva",
"number": "02468686",
"registrationCountry": "gb",
"description": "Insurance company"
},
"organisationUrls": [
"https://www.aviva.co.uk"
],
"privacyNoticeUrl": {
"url": "https://www.aviva.co.uk/legal/privacy-policy.html"
},
"dataProtectionOfficer": {
"present": "present",
"role": "Data Protection Officer",
"contactInfo": {
"postalAddress": "The Data Protection Team, Aviva, Pitheavlis, Perth, PH2 0NH",
"emailAddress": "DATAPRT@aviva.com"
}
},
"rights": {
"isMissing": false,
"general": {
"contactInfo": {
"postalAddress": "The Data Protection Team, Aviva, Pitheavlis, Perth, PH2 0NH",
"emailAddress": "DATAPRT@aviva.com"
},
"observations": "Aviva's policy individually outlines the rights that subjects have over their data but most appear to direct users to the same contact addresses."
},
"access": {
"contactInfo": {
"url": "https://www.aviva.co.uk/legal/subject-access-request/",
"postalAddress": "The Data Protection Team, Aviva, Pitheavlis, Perth, PH2 0NH"
}
},
"rectification": {
"contactInfo": {}
},
"erasure": {
"contactInfo": {}
},
"restrictProcessing": {
"contactInfo": {}
},
"dataPortability": {
"contactInfo": {}
},
"object": {
"contactInfo": {}
},
"automatedDecisionMaking": {
"contactInfo": {}
}
},
"dataCategoriesCollected": {
"isMissing": false,
"list": [
"criminal_records",
"employment",
"health",
"social_security_number"
],
"observations": "Aviva's policy does not offer a full breakdown of every piece of personal data they collect.",
"sourceText": "1.1 Motor and home insurance\nWhen you take out a motor or home policy, we’ll collect and use your personal information to arrange, underwrite and manage your policy, as well as prevent fraud and handle claims.\n\nThe personal information we use for these types of policies includes any relevant offences and convictions for each person to be insured under the policy as well as any relevant health information, for example if a claim is made involving a personal injury.\n\nIf you take out a motor policy we’ll also collect and use information about you and your vehicle. We’ll get this information from you, public registers, our trusted third parties such as the MIB and from information already held by us, eg from previous policies or quotes. If you’re seeking a policy with telematics capability, we’ll also use telematics data.\n\nYour driving history\nWe may ask you to provide the driving licence number so we can quickly get useful data from the DVLA such as the licence status of each driver, their licence entitlement, relevant restriction information, endorsement and conviction details. If you do not wish to provide us with your licence information, you can choose to answer the questions about your licence information yourself.\n\nWe’ll also add details of the policy to the Motor Insurance Database maintained by the MIB. The MIB may make this information available to authorised bodies such as the DVLA, DVLNI and IFB.\n\nAbout your home\nWhen you take out a home policy, we may obtain information about you and your home from publicly available registers and databases. These may include land registers, as well as information already held by us, such as information about previous policies or claims, or from our trusted third parties, such as commercially available property databases where this will help us underwrite the policy.\n\nIn some cases when you apply for motor or home insurance, we may share your information with credit reference agencies so they can carry out searches relating to you. Find out more about how we work with credit reference agencies here.\n\nAutomated decision making\nWe need your personal information when you apply for a policy to decide if we can offer a policy and, if so, on what terms. We use an automated underwriting engine as part of that process, which takes account of the information you have provided including address, post code, and age, (and, for motor policies, we use marital status, employment details and details of health and relevant offences and convictions for you and any other drivers). The automated engine may also validate information you provide against other records we hold about you in our systems and third party databases, including public databases. We may supplement the information you provide with information from third parties who can provide more information about your vehicle or property (including DVLA databases, land registries and commercially available property databases). More details on your rights in relation to automated decision making are here.\n\nThroughout the term of these types of policies we’ll hold your personal information to enable us to properly administer the policy, such as offering renewal or dealing with claims. We may use the information to perform analytics and ensure we’re appropriately pricing our products.\n\nVerifying claims\nIf a claim is made, we use your personal information to verify the claim and ensure that we pay out to the right person. In addition we’ll need to collect and use the following personal information:\n\nfor a claim following a motor accident, we’ll ask for details of the claim, information about those involved and any personal injury you or others may have suffered\nfor a claim under a home policy, we’ll ask you to confirm your identity and provide details of the claim.\n1.2 Travel and health insurance\nWhere you take out a travel or health policy we’ll collect and use your personal information to arrange, underwrite and manage your policy, as well as prevent fraud and handle claims.\n\nThe personal information we use for these types of policies includes health information for each person to be insured, for example other family members who are to be covered under the insurance policy.\n\nFor health policies we may also ask you to authorise your healthcare provider to supply relevant supporting information, including, where relevant, health information about the family or personal history of each person to be insured.\n\nAutomated decision making\nWe need your personal information when you apply to us to decide if we can offer a policy and, if so, on what terms. We use an automated underwriting engine as part of that process, which takes account of the information you have provided (including address, age and any medical conditions of the policyholder and any other people to be insured). The automated engine may also validate information you provide against other records we hold about you in our systems and third party databases, including public databases. Find more details on automated decision making here.\n\nThroughout the life of these types of policies, we’ll hold your personal information to enable us to properly administer the policy such as offering renewal or dealing with claims. We may also use the personal information to perform analytics and ensure that our products are appropriately priced.\n\nVerifying claims\nIf a claim is made, we use personal information to verify the claim and ensure that we pay out to the right person. In addition, we’ll need to collect and use the following personal information:\n\nfor claims under a travel policy we’ll need to ask you to confirm your identity and provide details of the claim, including information about any illness or personal injury suffered. We’ll share information with assistance providers where necessary to help deal with a claim.\nfor claims under a health policy we’ll ask you to confirm the identity of the person making the claim and provide details of the health condition to which the claim relates. To assist with your claim we may also ask you to authorise your healthcare provider to supply information. We may also pass information you have given us to your treating healthcare provider or case manager.\n1.3 Pet, mobile/gadget and personal accident insurance\nWhen you take out a pet, mobile/gadget or personal accident policy we’ll collect and use your personal information to arrange, underwrite and manage your policy, as well as prevent fraud and handle claims.\n\nThe personal information we use for these types of policies include:\n\nFor pet – information about your pet including name, gender, date of birth, medical conditions, if your pet has been chipped/tagged and/or neutered, if your pet has been involved in any incidents or accidents that may give rise to legal action against you\nFor mobile/gadget – information about the type of your gadget, its make, model, value, date of purchase and serial number or IMEI number\nFor personal accident - your age and the level of cover you choose\nWe need your personal information when you apply to us to decide if we can offer a policy and, if so, on what terms. We use an automated underwriting engine as part of that process, which takes account of the information you have provided, which includes the information listed above. For more detail about automated decision making – please click here.\n\nThroughout the life of these types of policies, we’ll hold your personal information to enable us to properly administer the policy, such as allowing you to exercise any cover change options you have under the policy, offering renewal, where applicable, and dealing with claims.\n\nVerifying claims\nIf a claim is made, we use personal information to verify the claim and ensure that we pay out to the right person. This will differ, depending on the type of policy:\n\nFor pet insurance claims we’ll also collect information about any illness or injury in relation to the pet and we may also seek information from the treating vet. Where a claim arises because a pet has caused damage or personal injury to another person we’ll also need to collect information in relation to this\nFor mobile/gadget claims we’ll need to verify your identity and collect details of the circumstances of the claim and the IMEI number of the mobile device\nFor personal accident policies we’ll need to verify your identity and collect details of the accident or injury leading to the claim. We may also need to ask you to authorise your healthcare provider to provide information to assist in assessing the claim\n1.4 Life insurance\nWhere you take out life insurance with us (for example, life, critical illness or income protection policy), we’ll collect and use your personal information to arrange, underwrite and manage your policy, as well as prevent fraud and handle claims.\n\nExcept for certain types of life insurance which are not underwritten for example, over 50s life insurance and free parent life cover, the personal information we use includes health information, lifestyle information and employment status (including, for income protection only, level of earnings) of each insured person. We’ll also collect the family or personal history of the insured person, or details of appointed trustees where policies are placed under trust.\n\nAutomated decision making\nWe need your personal information when you apply to us to decide if we can offer a policy and, if so, on what terms. We use an automated underwriting engine as part of that process, which takes account of the information you have provided (including your age, whether you smoke, your answers to our health and lifestyle questions, including your family medical history) along with the amount of cover you wish to obtain. We’ll make clear to you in the application for each policy whether automated underwriting is used. For more detail on automated decision making please click here.\n\nWhere we collect and use health information, we may ask each insured person to authorise a healthcare provider to supply relevant supporting information, including, where relevant, health information about their family or personal history.\n\nThroughout the life of these types of policies, we’ll hold your personal information to enable us to properly administer the policy, such as allowing you to exercise any options you may have under the policy. We may also use the information (including health information) to perform analytics and ensure that our products are appropriately priced.\n\nVerifying claims\nIf a claim is made, we use your personal information to verify the claim and ensure that we pay out to the right person. This will differ, depending on the type of policy:\n\nFor claims under a life insurance policy, we’ll need to ask you to confirm your identity, provide details of the policyholder and (if different) the insured person, including details of their death so that we can assess the claim\nFor claims under a critical illness or income protection policy, we’ll need to ask you to confirm your identity and provide details of your health condition. We may also ask you to authorise your healthcare provider to provide information to assist in assessing the claim\n1.5 Equity release\nWhere you take out an equity release lifetime mortgage product we’ll collect and use your personal information to decide if we can offer you a product and, if so, on what terms. We’ll also use it to arrange and manage your account, as well as prevent fraud.\n\nThe personal information we use for this type of product may include how long you have lived at the property, the estimated property value, the purpose of the loan, the ownership status of your home and what proportion is owned by you as well as information about your legal adviser and existing lender.\n\nIf you select certain features of the product, we’ll also collect health information to assess risk and eligibility for the product. We use an automated underwriting engine as part of that process, which takes account of the information you have provided (including your age, whether you smoke and your answers to our health and lifestyle questions). For more detail on automated decision making please click here. We’ll collect information about you and any person to be a joint account holder as well as any occupants of the property.\n\nThroughout the duration of your product we’ll hold your personal information to enable us to properly administer the product for example to provide you with information and process payments.\n\n1.6 Annuities\nWhere you take out an annuity policy we’ll collect and use your personal information to arrange, underwrite and manage your policy and prevent fraud.\n\nThe personal information we use for these types of products includes health information and lifestyle information about you and anyone else to be insured under the policy. We use this information to decide whether, and on what terms, we can offer you a policy. We use an automated underwriting engine as part of that process, which takes account of the information you have provided (including your age, whether you smoke and your answers to our health and lifestyle questions). Learn more about automated decision making here.\n\nOccupational pension schemes\nTrustees of an occupational pension scheme may take out an annuity policy for the purposes of the scheme. Where they do this we may collect personal information about members of the scheme to arrange, underwrite and manage the policy, as well as prevent fraud.\n\nThroughout the life of these types of product, we’ll hold your personal information to enable us to properly administer the policy, for example, to pay benefits.\n\n1.7 Pensions, savings and investments\nWhere you take out a pension, savings or investment product we’ll collect and use your personal information to arrange and manage your policy, as well as prevent fraud.\n\nWe may also collect and use your personal information for these purposes if you:\n\njoin your employer’s pension scheme and they use an Aviva pension product for their scheme\nare a member of your employer’s pension scheme and the trustees of the scheme use an Aviva investment product for the purposes of the scheme\nThe personal information we use for these types of products may include your:\n\nemployment status\ndetails and value of your pension\nsalary details\nmarital status\ntax information\nnational insurance number.\nThroughout the life of these types of product, we’ll hold your personal information to enable us to properly administer the product, for example to process investment instructions and withdrawals from your product.\n\n1.8 Business insurance including motor and non-motor business insurance and corporate specialty risks\nWhere you take out a business insurance policy with us we may collect and use personal information to arrange, underwrite, manage your policy, prevent fraud and handle claims.\n\nThe personal information we use for these types of policies may include information about your business, including the business name, the contact person for your business, details of directors, partners or individual traders for the business and payment information.\n\nWe may also collect details about the number of employees, details of employees (including any offences and convictions that we need to know about to allow us to underwrite the policy), their role in the company and details of the business assets or liabilities to be insured.\n\nFor business health, life, travel and personal accident insurance\nThe information we collect may include health information for each person to be insured, for example employees who are to be covered under the insurance policy. We may also ask you to authorise your healthcare provider to supply relevant supporting information, including, where relevant, health information about the family or personal history of each person to be insured. We need this information to underwrite and manage the policy and facilitate and handle claims.\n\nFor business motor insurance\nWe’ll collect identity information in relation to employees or other people to be insured under the policy. Information may include any relevant offences and convictions or health information for drivers to be insured under the policy. We also collect and use information about drivers and vehicles to be insured from public registers, from our trusted third parties, such as the MIB, and information already held by Aviva, eg from previous policies or quotes.\n\nIf you’re seeking a policy with telematics capability, we’ll also use telematics data. We’ll also add details of the policy to the Motor Insurance Database maintained by the MIB. The MIB may make this information available to authorised bodies such as the DVLA, DVLNI and IFB.\n\nAutomated decision making\nWe need the personal information when you apply to us to decide if we can offer a policy and, if so, on what terms. We use an automated underwriting engine as part of that process, which takes account of the information you have provided (including health information or offences and convictions data, where appropriate). The automated engine may also validate information you provide against other records we hold in our systems and third party databases, including public databases. We may supplement the information you provide with information from third parties who can provide more information about the vehicles or property to be insured. For more details on automated decision making, please click here.\n\nThroughout the life of these types of policies we’ll hold the personal information to enable us to properly administer the policy, for example to offer renewal, make mid-term changes you request and deal with claims. We may use the personal information to perform analytics and ensure that our products are appropriately priced.\n\nVerifying claims\nIf a claim is made, we use the personal information to verify the identity of the policyholder and (if different) provide details of the insured, so that we can identify them. We’ll also need you to provide details of the claim so that we can assess the claim. Where necessary, this will include providing details of any accidents or personal injuries that have been suffered as part of the claim, either by an insured person or third party. In certain circumstances (for example where personal liability is covered) it may be necessary to collect details of alleged offences in relation to an insured person.\n\nPreventing fraud\nWe’ll also use your personal information to detect and prevent fraudulent practices, fight financial crime and meet our regulatory responsibilities. To find out more about how we use your personal information in this regard, click here.\n\nIf you’re making a claim, we may use profiling and other forms of automated processing to assess if your claim may be fraudulent. This assessment may involve the use of your sensitive personal information. For example, we may use your past motoring convictions for motoring insurance. To learn more about how we use your personal information for automated decision making and profiling, click here."
},
"unusualProcessingPurposes": {
"isMissing": false,
"present": "not_present"
},
"thirdParties": {
"isMissing": false,
"list": [
"Financial advisors and business partners who help Aviva arrange products",
"Insurers, reinsurers and brokers who help Aviva manage and underwrite products",
"Data analysts",
"Comparison websites",
"Regulators who regulate how Aviva operates",
"Solicitors representing data subjects or third-party claimants",
"Third-party administrators who help Aviva manage products and services",
"Loss adjusters and claims experts",
"Assistance providers who provide customers with assistance in the event of claims",
"IT service providers",
"Medical professionals if health records need to be accessed for insurance claims",
"Third-party case managers handling customer care",
"Employers and third parties that provide pension services to customers",
"Media agencies who provide marketing and display advertising services"
],
"specificity": "general",
"sourceText": "Depending on the product or service, we’ll share personal information with a number of our trusted third parties, including:\n\n* financial advisers and business partners who help us arrange our products\n* insurers, reinsurers and brokers who help us manage and underwrite our products and provide reinsurance and insurance services\n* data analysts and providers of data services who support us with developing our products and prices\n* comparison websites and similar companies that offer ways to research and apply for financial services products\n* regulators who regulate how we operate, these include the FCA, PRA, Financial Ombudsman, HMRC, The Pensions Regulator and ICO\n* solicitors and professional service firms who act on our or your behalf, or who represent a third-party claimant\n* third-party administrators who help us manage our products and services\n* loss adjusters and claims experts who help us handle claims\n* assistance providers who can help provide you with assistance in the event of a claim\n* service providers who help operate our IT and back office systems, including our underwriting processes\n* medical professionals, if we need to access health records or assessments for the purposes of arranging and underwriting certain products or facilitating and handling claims\n* third-party case managers, handling your care or treatment pathway\n* employers and third parties that provide services to you and your employer in respect of a pension scheme, including pension planning services for employees\n* media agencies and other providers of marketing and display advertising services, who help us make sure you receive marketing content that’s relevant to you and your preferences"
},
"retentionRules": {
"isMissing": false,
"summary": "Aviva \"generally only keep personal information for as long as is reasonably required for the reasons explained in this privacy policy.\" They do not provide more specific information about retention periods.",
"specificityCategory": "general",
"specificityTime": "general",
"sourceText": "We generally only keep personal information for as long as is reasonably required for the reasons explained in this privacy policy. We do keep certain transactional records - which may include personal information - for more extended periods if we need to do this to meet legal, regulatory, tax or accounting needs. For instance, we’re required to retain an accurate record of your dealings with us, so we can respond to any complaints or challenges you or others might raise later. We’ll also retain files if we reasonably believe there is a prospect of litigation.\n\nTo support us in managing how long we hold your data and our record management, we maintain a data retention policy which includes clear guidelines on data deletion.\n\nWe may also retain personal information where we have identified a legal basis for doing so in an aggregated form which allows us to continue to develop/improve our products and services."
},
"lawfulBases": {
"isMissing": false,
"consent": "\"where we have obtained appropriate consents to collect or use your personal information for a particular purpose\"",
"contract": "\"to arrange, underwrite or manage our products, or handle claims in accordance with their terms\"",
"legalObligation": "\"to meet responsibilities we have to our regulators, tax officials, law enforcement, or otherwise meet our legal responsibilities\"",
"legitimateInterests": "\"to operate and improve our products and services and keep people informed about our products and services or for any other purposes we identify as relevant to further our business interests but never at the expense of your privacy rights (we refer to these activities as our legitimate interests)\"",
"observations": "Aviva do not provide a comprehensive breakdown of which data falls under which of the lawful bases, but do indicate that data subjects can contact the data protection team to find out more \"about the legal reasons or legitimate interests that apply to a particular way in which we use personal information\"."
},
"securityStandards": {
"present": "not_present"
},
"dataProcessingAddendum": {
"present": "not_present"
},
"privacyShield": {},
"dataProtectionRegister": {},
"automatedDecisionMaking": {
"usesAutomatedDecisionMaking": "present",
"observations": "Aviva use automated decision making to decide whether they can offer particular products to customers. The policy contains a breakdown of what data is used as part of the automated decision making process and also breaks this down further depending on the category of product.",
"specificity": "specific",
"sourceText": "We need your personal information when you apply for a policy to decide if we can offer a policy and, if so, on what terms. We use an automated underwriting engine as part of that process, which takes account of the information you have provided including address, post code, and age, (and, for motor policies, we use marital status, employment details and details of health and relevant offences and convictions for you and any other drivers). The automated engine may also validate information you provide against other records we hold about you in our systems and third party databases, including public databases. We may supplement the information you provide with information from third parties who can provide more information about your vehicle or property (including DVLA databases, land registries and commercially available property databases). More details on your rights in relation to automated decision making are here.\n\nThroughout the term of these types of policies we’ll hold your personal information to enable us to properly administer the policy, such as offering renewal or dealing with claims. We may use the information to perform analytics and ensure we’re appropriately pricing our products."
},
"complaintInformation": {
"observations": "Aviva provide information on contacting the ICO to complain about how they are processing data.",
"specificity": "specific",
"sourceText": "If you’re not happy with the way we’re handling your information, you have a right to make a complaint with your local data protection supervisory authority at any time. In the UK this is the Information Commissioners Office (ICO).\n\nWe ask that you please attempt to resolve any issues with us before contacting the ICO."
},
"presentation": {
"plainLanguage": "pass",
"easyToFind": "pass",
"easyToFindInside": "pass"
}
}